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CLAIMS 

What is claimed is: 

1. A method for management of a distributed data 
processing system, the method comprising: 

configuring geographic location information for 
resources within the distributed data processing system; 

identifying router systems within the distributed 
data processing system; 

determining a set of router systems that are closest 
to a geographic boundary; and 

generating a geographic router boundary resource for 
the set of router systems. 

2. The method of claim 1 further comprising: 
associating two or more geographic router boundary 

resources to create a secure boundary between two or more 
geographic regions . 

3. The method of claim 1 further comprising: 
configuring user security parameters for controlling 

access to the geographic router boundary resource. 

4. The method of claim 1 further comprising: 
authorizing user access to the geographic router 

boundary resource based on a user security parameter 
corresponding to the geographic location information. 
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5. The method of claim 1 further comprising: 
authorizing user access to resources within a 

geographic region as indicated by the geographic router 
boundary resource based on a user security parameter 
corresponding to the geographic location information. 

6. The method of claim 1 further comprising: 
quarantining a set of devices within a geographic 

region as indicated by the geographic router boundary 
resource . 

7. The method of claim 6 further comprising: 
unquarantining a set of devices within a geographic 

region . 

8. The method of claim 1 further comprising: 
disinfecting a set of devices within a geographic 

region as indicated by the geographic router boundary 
resource . 
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9. The method of claim 1 further comprising: 
dynamically discovering endpoints, systems, and 

networks within the distributed data processing system; 

correspondingly representing endpoints, systems, and 
networks within the distributed data processing system as 
a set of endpoint objects, system objects, and network 
objects; and 

logically organizing the endpoint objects, system 
objects, and network objects within a set of scopes, 
wherein each endpoint object, each system object, and 
each network object is uniquely assigned to a scope such 
that scopes do not logically overlap. 

10. The method of claim 1 further comprising: 
representing the distributed data processing system 

as a set of scopes, wherein a scope comprises a logical 
organization of network-related objects; 

associating each scope with a management customer, 
wherein each scope is uniquely assigned to a management 
customer, wherein each scope is uniquely associated with 
a set of configuration parameters for managing each 
scope; 

managing the distributed data processing system as a 
set of logical networks, wherein a logical network 
comprises a set of scopes, and wherein each logical 
network is uniquely assigned to a management customer; 
and 

allowing an administrative user to dynamically 
reconfigure logical networks within the distributed data 
processing system. 
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11. An apparatus for management of a distributed data 
processing system, the apparatus comprising : 

means for configuring geographic location 
information for resources within the distributed data 
processing system; 

means for identifying router systems within the 
distributed data processing system; 

means for determining a set of router systems that 
are closest to a geographic boundary; and 

means for generating a geographic router boundary 
resource for the set of router systems. 

12. The apparatus of claim 11 further comprising: 
means for associating two or more geographic router 

boundary resources to create a secure boundary between 
two or more geographic regions. 

13. The apparatus of claim 11 further comprising: 
means for configuring user security parameters for 

controlling access to the geographic router boundary 
resource . 

14. The apparatus of claim 11 further comprising: 
means for authorizing user access to the geographic 

router boundary resource based on a user security 
parameter corresponding to the geographic location 
information. 
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15. The apparatus of claim 11 further comprising: 
means for authorizing user access to resources 

within a geographic region as indicated by the geographic 
router boundary resource based on a user security 
parameter corresponding to the geographic location 
information . 

16. The apparatus of claim 11 further comprising: 
means for quarantining a set of devices within a 

geographic region as indicated by the geographic router 
boundary resource . 

17. The apparatus of claim 16 further comprising: 
means for unquarantining a set of devices within a 

geographic region . 

18. The apparatus of claim 11 further comprising: 
means for disinfecting a set of devices within a 

geographic region as indicated by the geographic router 
boundary resource . 

19 . The apparatus of claim 11 further comprising : 
means for dynamically discovering endpoints, 

systems, and networks within the distributed data 
processing system; 

means for correspondingly representing endpoints, 
systems, and networks within the distributed data 
processing system as a set of endpoint obj ects , system 
objects, and network objects; and 
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means for logically organizing the endpoint objects, 
system objects, and network objects within a set of 
scopes, wherein each endpoint object, each system object, 
and each network object is uniquely assigned to a scope 
5 such that scopes do not logically overlap. 

20. The apparatus of claim 11 further comprising: 

means for representing the distributed data 
processing system as a set of scopes, wherein a scope 
10 comprises a logical organization of network-related 
ob j ects ; 

means for associating each scope with a management 
m customer, wherein each scope is uniquely assigned to a 
jTs management customer, wherein each scope is uniquely 
H5 associated with a set of configuration parameters for 
fy managing each scope ; 

means for managing the distributed data processing 
y system as a set of logical networks, wherein a logical 
H network comprises a set of scopes, and wherein each 
WjO logical network is uniquely assigned to a management 
U customer ; and 

means for allowing an administrative user to 
dynamically reconfigure logical networks within the 
distributed data processing system. 
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21. A computer program product in a computer readable 
medium for use in managing a distributed data processing 
system, the computer program product comprising: 

instructions for configuring geographic location 
information for resources within the distributed data 
processing system; 

instructions for identifying router systems within 
the distributed data processing system; 

instructions for determining a set of router systems 
that are closest to a geographic boundary; and 

instructions for generating a geographic router 
boundary resource for the set of router systems. 

22. The computer program product of claim 21 further 
comprising : 

instructions for associating two or more geographic 
router boundary resources to create a secure boundary 
between two or more geographic regions. 

23. The computer program product of claim 21 further 
comprising : 

instructions for configuring user security 
parameters for controlling access to the geographic 
router boundary resource. 

24. The computer program product of claim 21 further 
comprising : 

instructions for authorizing user access to the 
geographic router boundary resource based on a user 
security parameter corresponding to the geographic 
location information . 
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25. The computer program product of claim 21 further 
comprising : 

instructions for authorizing user access to 
resources within a geographic region as indicated by the 
geographic router boundary resource based on a user 
security parameter corresponding to the geographic 
location information . 

26. The computer program product of claim 21 further 
comprising : 

instructions for quarantining a set of devices 
within a geographic region as indicated by the geographic 
router boundary resource. 

27. The computer program product of claim 26 further 
comprising : 

instructions for unquarantining a set of devices 
within a geographic region. 

28. The computer program product of claim 21 further 
comprising : 

instructions for disinfecting a set of devices 
within a geographic region as indicated by the geographi 
router boundary resource. 



